Identity and Access Management (IAM) is one of the most important security controls, now more than ever with the advent of cloud computing and other distributed 'as a service' platforms. IAM systems create massive amounts of log and telemetry data, overwhelming security teams with their sheer volume. Aaron Turner and Raffael Marty have designed a 2-day, vendor-agnostic training course to provide participants with hands-on instruction in how to deal with these massive amounts of data. Using the latest approaches in machine learning and design, the course will give real-world examples of how to capture the maximum amount of data for analysis and then sort through it to find real security problems.

This hands-on training session will provide participants with an in-depth look at how to use the latest big data processing tools to solve real-world problems around monitoring users through IAM systems. Instruction in machine learning theory and design will be followed by hands-on labs that apply the lessons learned to IAM log data, followed by instruction in the latest IAM architectures and tools for designing even the toughest cloud security solutions. The final project will be a capture the flag (CTF) exercise in which each team must defend an IAM system while simultaneously attacking its opponent's IAM infrastructure and dependent systems.

Mapping the DNS of an organization on the fly using Graphviz. DNS data is collated from regular DNS lookups as well as passive data sets for sub-domains. The map includes IP, hostname, netblock owner and record type.
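As an added example (not the page's own code, and not the tool behind the map described above), the following Python builds the same kind of map from records that have already been collected: it emits Graphviz DOT with addresses clustered by netblock owner and edges labelled with the record type, and adds two checks a practitioner wants on such a map: hosts in the organization's zone that land on netblocks the organization does not own, and names that resolve to no address at all (dangling CNAMEs). The records, the zone name and the netblock owner strings are constructed for the example; collecting them from live lookups and passive-DNS sources is out of scope.

```python
"""Build a Graphviz DOT map of an organisation's DNS footprint from
already-collected records, and run two sanity checks over it.

Added example, not the page's own tool. Live DNS lookups and passive-DNS
queries are out of scope; RECORDS is constructed by hand to stand in for
what those sources return. Zone and netblock owner strings are assumptions.
"""
from collections import defaultdict

# Constructed sample data: (hostname, record type, target, netblock owner).
# A/AAAA: target is an address, owner is the netblock holder (e.g. from whois).
# CNAME:  target is another hostname, owner is left empty.
RECORDS = [
    ("www.example.com", "A", "203.0.113.10", "EXAMPLE-NET"),
    ("mail.example.com", "A", "203.0.113.25", "EXAMPLE-NET"),
    ("cdn.example.com", "CNAME", "edge.cdnhost.example", ""),
    ("edge.cdnhost.example", "A", "198.51.100.7", "CDNHOST-LLC"),
    ("old-dev.example.com", "A", "192.0.2.44", "SOMECLOUD-INC"),
    ("legacy.example.com", "CNAME", "app.oldvendor.example", ""),  # target has no records
]

ADDRESS_TYPES = ("A", "AAAA")


def _q(text):
    """Quote a string as a DOT identifier."""
    return '"' + text.replace('"', '\\"') + '"'


def in_zone(host, zone):
    return host == zone or host.endswith("." + zone)


def ip_owner(records):
    """Map each address seen in an A/AAAA record to its netblock owner."""
    return {t: o for _h, rtype, t, o in records if rtype in ADDRESS_TYPES}


def resolve(records, name, _seen=None):
    """Follow CNAME chains from name and return the set of terminal addresses.
    A CNAME to a name with no records yields nothing; loops are cut off."""
    if _seen is None:
        _seen = set()
    if name in _seen:
        return set()
    _seen.add(name)
    ips = set()
    for host, rtype, target, _owner in records:
        if host != name:
            continue
        if rtype in ADDRESS_TYPES:
            ips.add(target)
        elif rtype == "CNAME":
            ips |= resolve(records, target, _seen)
    return ips


def foreign_hosts(records, zone, own_orgs):
    """Hosts in our zone whose addresses sit in netblocks we do not own:
    third-party hosting and cloud tenants an inventory should know about."""
    owners = ip_owner(records)
    found = {}
    for host in {h for h, *_ in records if in_zone(h, zone)}:
        bad = {ip for ip in resolve(records, host) if owners.get(ip) not in own_orgs}
        if bad:
            found[host] = bad
    return found


def dangling_hosts(records, zone):
    """Hosts in our zone that resolve to no address at all (dangling CNAMEs),
    the usual precondition for a subdomain takeover."""
    return sorted(h for h in {h for h, *_ in records if in_zone(h, zone)}
                  if not resolve(records, h))


def to_dot(records):
    """Emit DOT: addresses clustered by netblock owner, hostnames as boxes,
    edges labelled with the record type."""
    by_owner = defaultdict(set)
    for ip, owner in ip_owner(records).items():
        by_owner[owner].add(ip)
    lines = ["digraph dnsmap {", "  rankdir=LR;", "  node [shape=box];"]
    for i, (owner, ips) in enumerate(sorted(by_owner.items())):
        lines.append(f"  subgraph cluster_{i} {{")
        lines.append(f"    label={_q(owner)};")
        lines.extend(f"    {_q(ip)} [shape=ellipse];" for ip in sorted(ips))
        lines.append("  }")
    for host, rtype, target, _owner in records:
        lines.append(f"  {_q(host)} -> {_q(target)} [label={_q(rtype)}];")
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_dot(RECORDS))  # pipe into: dot -Tpng -o dnsmap.png
    print("foreign:", foreign_hosts(RECORDS, "example.com", {"EXAMPLE-NET"}))
    print("dangling:", dangling_hosts(RECORDS, "example.com"))
```

Render the DOT output with `dot -Tpng`. Clustering on netblock owner rather than on IP is what makes hosting outside the organization's own ranges jump out visually; the two checks make the same two findings available without looking at the picture, which is what you want when the map is regenerated on a schedule.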

Adjacent to data visualization are all the different disciplines that help us get from raw data to visualizations. There are the topics of big data, data mining, and data exploration which come to mind. The world has gotten quite confused and lax about using the terms artificial intelligence and machine learning. Often data mining, for example, will be lumped underneath these topics. I have written a few pieces lately that talk about AI and ML in cyber security. They should help bring a bit more clarity into the approaches and what is suited for the cyber discussion. The topic of data visualization is still a crucial one and I am not doing it justice in any of my write-ups. But we shouldn't forget that data visualization is probably one of the most important methods when it comes to helping analysts better understand what they are looking at, and helping data scientists understand what their algorithms have just done.

Oh, and should you be interested in Virtual Reality - I just published a short critique of a 'pro VR' article.

In early December, I gave the keynote at the ACSAC 2017 conference in Orlando, Florida.

In the presentation I look at a number of topics around using big data for security. I start by showing what big data looks like for security, how the history of using security for big data is tightly linked to the progress in big data itself. I talk about machine learning and artificial intelligence and show some of the limits and dangers of how we currently apply machine learning in security and how we can apply data visualization to help analysts better understand data. I then go on to peek a little bit into my magic 8 ball to see how security big data environments might look in the future and finish the presentation with posing a few challenges to the community about security for big data problems.

I am a PhD researcher at University of Southampton and my PhD topic is Visualisation in Cyber Security.

I have a questionnaire, for my thesis, aimed at people who have experience in Cyber Security, Visualization (or HCI) design or both. I would really appreciate if you can take some time out and fill out the questionnaire.

BlackHat 2017 - Las Vegas

OVERVIEW

Big data and security intelligence are two of the hottest topics in security. We are collecting more and more information from the infrastructure, but increasingly also directly from our applications. This vast amount of data gets increasingly hard to understand. Terms like MapReduce, Hadoop, Spark, Elasticsearch, data science, etc. are part of many discussions. But what are those technologies and techniques, and what do they have to do with security analytics and intelligence? We will see that none of these technologies is sufficient on its own in our quest to defend our networks and information. Data visualization is the only approach that scales to the ever changing threat landscape and infrastructure configurations. Using big data visualization techniques, you uncover hidden patterns in data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods, an activity increasingly referred to as hunting. Attendees will learn about log analysis, big data, information visualization and data sources for IT security, and learn how to generate visual representations of IT data. The training is filled with hands-on exercises utilizing the DAVIX live CD.

What's New?

The workshop is being heavily updated over the next months. Check back here for the list of new topics.

TRAINER

Raffael Marty is vice president of security analytics at Sophos, and is responsible for all strategic efforts around security analytics for the company and its products. He is based in San Francisco, Calif. Marty is one of the world's most recognized authorities on security data analytics, big data and visualization. His team at Sophos spans these domains to help build products that provide Internet security solutions to Sophos' vast global customer base.

Previously, Marty launched pixlcloud, a visual analytics platform, and Loggly, a cloud-based log management solution. With a track record at companies including IBM Research, ArcSight, and Splunk, he is thoroughly familiar with established practices and emerging trends in the big data and security analytics space. Marty is the author of Applied Security Visualization and a frequent speaker at academic and industry events. Zen meditation has become an important part of Raffy's life, sometimes leading to insights not in data but in life.

We recently posted a case study of how a Fortune 100 company is using Security Visualization as a front end to their various data collection systems. The Security Visualization allows the company's analysts to look at hundreds of thousands of correlations each day and apply human pattern recognition to spot the "needles in the haystack". These are threats that are designed to avoid traditional intrusion detection and event management. Once the potential threat is identified and the log data is carved down to just the logs that are relevant, that subset of log data is attached to a case and delivered to case investigation for further evaluation. In addition to identifying and carving down to just the relevant logs, the security visualization also makes it easier to communicate the findings to the extended team.

Hi, I am a PhD candidate at the Informatics Institute at Middle East Technical University. I prepared an online survey as part of my PhD thesis. However, since this subject is relatively new, I cannot find anybody around me in Turkey who could fill in this survey.

The survey is in Google Forms, at the link https://goo.gl/forms/xbfmrqJ4jxA4rvQ53. It is not very short :( It may take around 20 minutes, but it is easy to fill in, mostly composed of multiple-selection questions. Incomplete survey results are not saved, so participants should complete the survey.

Although we ask questions related to security systems and the security visualization systems used, in order to understand the visualization requirements, the survey in general does not include questions that cause personal discomfort. No tracking information such as email or organization name is asked for during the survey. More descriptive information about how the survey results will be used is on the starting page. So please do not hesitate to fill it in because of privacy concerns.

I hope the experts of this forum may help me by filling in the survey during a coffee break. I need to get feedback soon, before my next thesis committee. I appreciate your help to a newbie security visualization researcher (me) :)

The 13th IEEE Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cybersecurity community through new and insightful visualization and analysis techniques. VizSec provides an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. VizSec will be held in Baltimore, MD, USA in conjunction with IEEE VIS.

When applicable, visualization and interaction techniques that effectively capture the insights of human analysts and/or allow analysts to collaborate efficiently are particularly desirable.

*** New for 2016! *** Case Studies

Short papers describing practical applications of security visualization are solicited. We encourage the submission of papers discussing the introduction of cyber security visualizations into operational context, including, but not limited to:

- Cases where visualization made positive contributions towards meeting operational needs
- Gaps or negative outcomes from visualization deployments
- Situations where visualization was not utilized, but could have had a positive impact
- Lessons learned from operational engagements
- Insights gained from the transition process

Cyber security practitioners from industry, as well as the research community, are encouraged to submit case studies.

Posters

Poster submissions may showcase late-breaking results, work in progress, preliminary results, or visual representations relevant to the VizSec community. The poster program will be a great opportunity for the authors to interact with the attendees and solicit feedback.

Submissions

Submissions must be formatted using the IEEE VGTC template that can be found at http://junctionpublishing.org/vgtc/Tasks/camera.html. All submissions should be in PDF format.

Papers should be at most 8 pages including the bibliography and appendices. Papers will be peer-reviewed by at least 3 members of the program committee. Committee members are not required to read the appendices or any pages past the maximum. Submissions not meeting these guidelines will be rejected without consideration of their merit. Reviews are single-blind, so authors may include names and affiliations in their submissions. Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings.

The VizSec proceedings will be published by IEEE. Authors of accepted papers must guarantee that their papers will be presented at the conference.

Case Studies

Case studies should be at most 4 pages including the bibliography and appendices. Case study submissions will be reviewed by the Paper Chair(s) and other members of the organizing committee to determine relevance to the VizSec community.

Accepted case study authors will have time to present their work at VizSec during the program.

Accepted case studies will be made available on this website.

Extended abstracts for posters should be at most 2 pages including the bibliography. Poster abstracts will be reviewed by the Poster Chair(s) and other members of the organizing committee to determine relevance to the VizSec community.

Accepted authors must present a corresponding poster during the workshop. The poster authors can determine the layout by themselves, but the dimensions of the posters should not exceed the A0 space (841mm x 1189mm or 33.1" x 46.8"). Additionally, poster authors are requested to give a brief oral preview during a plenary "fast forward" session.

When applicable, submissions including tests and evaluations of the proposed tools and techniques are considered particularly desirable. If possible, making the data used for the tests available will also be considered positively. If you do not have real-world data to demonstrate your visualization, you may be interested in looking at the VAST Challenge data sets.

Important Dates

All deadlines are 5:00 PM PST

Papers and Case Studies

August 1, 2016: Submission for Papers and Case Studies
September 5, 2016: Author Notification for Papers and Case Studies
October 3, 2016: Camera Ready Submission and Copyright Forms for Papers